# Report 2021-11

## News

 - [“The power to surveil, control, and punish”: The dystopian danger of a mandatory biometric database in Mexico](https://restofworld.org/2021/the-dystopian-danger-of-a-mandatory-biometric-database-in-mexico/)  
 - [1.8 TB of Police Helicopter Surveillance Footage Leaks Online](https://www.wired.com/story/ddosecrets-police-helicopter-data-leak/)
 - [Latest Bluetooth vulnerability could leave your location exposed](https://www.androidpolice.com/latest-bluetooth-vulnerability-could-leave-your-location-exposed/)
 - [Tracking-industry body IAB Europe told that it has infringed the GDPR, and its “consent” pop-ups used by Google and other tech firms are unlawful](https://www.iccl.ie/news/online-consent-pop-ups-used-by-google-and-other-tech-firms-declared-illegal/)
 - [The Israeli army is using facial recognition to track Palestinians, former soldiers reveal](https://www.theverge.com/2021/11/8/22769933/israeli-army-facial-recognition-palestinians-track)
 - [Data Broker Veraset Gave Bulk Device-Level GPS Data to DC Government](https://www.eff.org/deeplinks/2021/11/data-broker-veraset-gave-bulk-device-level-gps-data-dc-government)
 - [Why chat control is so dangerous](https://netzpolitik.org/2021/eu-commission-why-chat-control-is-so-dangerous/)
 - [Surveillance firm pays $1 million fine after 'spy van' scandal](https://www.bleepingcomputer.com/news/security/surveillance-firm-pays-1-million-fine-after-spy-van-scandal/)
 - [Column: There may be a steep privacy cost if you park at this Trader Joe’s ](https://www.latimes.com/business/story/2021-11-09/column-trader-joes-parking-app)
 - [South Korea Is Giving Millions of Photos to Facial Recognition Researchers](https://www.vice.com/en/article/xgdxqd/south-korea-is-selling-millions-of-photos-to-facial-recognition-researchers)
 - [Artists, Rights Groups Denounce 'Invasive' Palm-Scanning of Concertgoers by Amazon](https://www.commondreams.org/news/2021/11/17/artists-rights-groups-denounce-invasive-palm-scanning-concertgoers-amazon)
 - [Singapore’s tech-utopia dream is turning into a surveillance state nightmare](https://restofworld.org/2021/singapores-tech-utopia-dream-is-turning-into-a-surveillance-state-nightmare/)
 - [Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed](https://www.theregister.com/2021/11/18/redoorz_fined_for_massive_data_leak/)
 - [Nigeria's central bank digital currency is 'same Naira, more possibilities' – if you count government snooping](https://www.theregister.com/2021/11/22/e_naira_legal_privacy/)
 - [How Cellphone Data Collected for Advertising Landed at U.S. Government Agencies ](https://www.wsj.com/articles/mobilewalla-says-data-it-gathered-from-consumers-cellphones-ended-up-with-government-11637242202)
 - [Mapping Huawei’s Smart Cities creep](http://www.privacyinternational.org/fr/node/4689)
 - [Google, Apple fined by Italian authority for aggressive data collection](https://www.bleepingcomputer.com/news/technology/google-apple-fined-by-italian-authority-for-aggressive-data-collection/)
 - [Chinese province targets journalists, foreign students with planned new surveillance system](https://www.reuters.com/technology/exclusive-chinese-province-targets-journalists-foreign-students-with-planned-new-2021-11-29/)
 - [ICO issues provisional view to fine Clearview AI Inc over £17 million](https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2021/11/ico-issues-provisional-view-to-fine-clearview-ai-inc-over-17-million/)

## Data Breaches

 - [Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information](https://9to5mac.com/2021/11/08/popular-trading-platform-robinhood-reports-security-breach-and-user-data-leak/)
 - [Costco discloses data breach after finding credit card skimmer](https://www.bleepingcomputer.com/news/security/costco-discloses-data-breach-after-finding-credit-card-skimmer/)
 - [Utah medical center hit by data breach affecting 582k patients](https://www.bleepingcomputer.com/news/security/utah-medical-center-hit-by-data-breach-affecting-582k-patients/)
 - [GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data](https://thehackernews.com/2021/11/godaddy-data-breach-exposes-over-1.html)
 - [Panasonic discloses data breach after network hack](https://www.bleepingcomputer.com/news/security/panasonic-discloses-data-breach-after-network-hack/)
 - [DNA testing firm discloses data breach affecting 2.1 million people](https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/)

## Paper/Report

 - [Evaluating Physical-Layer BLE Location TrackingAttacks on Mobile Devices](https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf)
 - [Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World](https://www.usenix.org/conference/usenixsecurity22/presentation/cherubin)
 - [SugarCoat: Programmatically Generating Privacy-Preserving, Web-Compatible Resource Replacements for Content Blocking](https://cseweb.ucsd.edu/~dstefan/pubs/smith:2021:sugarcoat.pdf)
 - [This Sneaky Piggy Went to the Android Ad Market: Misusing Mobile Sensors for Stealthy Data Exfiltration](https://dl.acm.org/doi/abs/10.1145/3460120.3485366) [Git Repo](https://github.com/SerafMoustakas/adSensorsFramework)
 - [HARPO: Learning to Subvert Online Behavioral Advertising](https://arxiv.org/abs/2111.05792)
